This document provides information on how to add Intrusion Detection
System (IDS) sensors and modules (includes IDSM on Catalyst 6500 switches,
NM-CIDS on routers and AIP-SSM on ASA) in the Cisco Security Manager
(CSM).

The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.

When you add a device to Security Manager, you bring in a range of
identifying information for the device, such as its DNS name and IP address.
After you add the device, it appears in the Security Manager device inventory.
You can manage a device in Security Manager only after you add it to the
inventory.

You can add devices to the Security Manager inventory with these
methods:

Add a device from the network.

Add a new device that is not yet on the network

Add one or more devices from the Device and Credentials Repository
(DCR).

Add one or more devices from a configuration
file.

Note: This document focuses on the method: Add a new device that is not yet
on the network.

Use the Add New Device option in order to add a single device to the
Security Manager inventory. You can use this option for pre-provisioning. You
can create the device in the system, assign policies to the device, and
generate configuration files before you receive the device hardware.

CNS-Configuration Engine—Different information is displayed,
which depends on whether you select static or dynamic IP type:

Static—Click the arrow to display a list of
Configuration Engines. Select the Configuration Engine that is managing the
device. If the Configuration Engine does not appear in the list, complete these
steps:

In order to manage the device in Security Manager, check the
Manage in Cisco Security Manager check box. This is the
default.

If the only function of the device you are adding is to serve as
a VPN end point, uncheck the Manage in Cisco Security Manager
check box.

Security Manager will not manage configurations or upload or
download configurations on this
device.

Check the Security Context of Unmanaged Device check box in order
to manage a security context, whose parent device (PIX Firewall, ASA, or FWSM)
is not managed by Security Manager.

You can partition a PIX Firewall, ASA, or FWSM into multiple
security firewalls, also known as security contexts. Each context is an
independent system, with its own configuration and policies. You can manage
these standalone contexts in Security Manager, even though the parent (PIX
Firewall, ASA, or FWSM) is not managed by Security Manager.

Note: This field is active only if the device you selected in the
Device selector is a firewall device, such as PIX Firewall, ASA, or FWSM, that
supports security context.

Check the Manage in IPS Manager check box in order
to manage a Cisco IOS router in IPS Manager.

This field is active only if you selected a Cisco IOS router from
the Device selector.

Note: IPS Manager can manage the IPS features only on a Cisco IOS
router that has IPS capabilities. For more information, see the IPS
documentation.

If you check the Manage in IPS Manager check box, you must check
the Manage in Cisco Security Manager check box also.

If the selected device is IDS, this field is not active. However,
the check box is checked because IPS Manager manages IDS sensors.

If the selected device is PIX Firewall, ASA, or FWSM, this field is
not active because IPS Manager does not manage these device types.

Click Finish.

The system performs device validation tasks:

If the data you entered is incorrect, the system generates error
messages and displays the page where the error occurs.

If the data you entered is correct, the device is added to the
inventory and it appears in the Device
selector.